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WHAT IS CLAIMED IS: 

1. An access controller that controls an access to an 
information resource stored in a storage device, a plurality of the 
5 access controllers and the storage devices being connected with a 
network, the access controller comprising: 

an access restriction module configured to restrict access to 
each information resource according to an access control list on which 
access right to each information resource is recorded; 
10 an access interception module configured to intercept an 

access by an access prohibited user listed on an access prohibition 
list; 

an input module configured to input user information 
corresponding to the access prohibited user; and 
15 a list update module configured to update the access 

prohibition list corresponding to each access controller connected with 
the network, according to the user information input through the input 
module. 

20 2. An access controller in accordance with claim 1, wherein 

the list update module sends out other access controller a registration 
instruction to register the input user information on the access 
prohibition list of the other access controller. 

25 3. An access controller in accordance with claim 1, wherein 

the list update module sends out updated access prohibition list to 
other access controller. 

4. An access controller in accordance with claim 1, wherein 
30 the access interception module also intercepts the access that has not 
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completed. 

5. An access controller in accordance with claim 1 further 
comprising access control list update module configured to update the 

5 access control list according to the access prohibition list. 

6. An access controller in accordance with claim 5, wherein 
the list update module deletes the user information on the access 
prohibition list at a predetermined timing. 

10 

7. An access controller in accordance with claim 6, wherein 
the predetermined timing is after the update of the access control list 
has been completed. 

15 8. An access controller in accordance with claim 6, wherein 

the predetermined timing is after the update of all access control list 
has been completed. 

9. An access controller that controls an access to an 
20 information resource stored in a storage device, a plurality of the 
access controllers and the storage devices being connected with a 
network, the access controller comprising: 

an access restriction module configured to restrict access to 
each information resource according to an access control list on which 
25 access right to each information resource is recorded; 

a receiving module configured to receive user information of an 
access prohibited user, from other access controller; 

a list update module configured to update an access prohibition 
list, which records user information of access prohibited users, 
30 according to the received user information; and 
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an access interception module configured to restrict the access 
by reference to the access prohibition list prior to the access control 
list. 

5 10. An access controller in accordance with claim 9, wherein 

the access interception module also intercepts the uncompleted 
access. 

11. An access controller in accordance with claim 9 further 
10 comprising access control list update module configured to update the 

access control list according to the access prohibition list. 

12. An access controller in accordance with claim 11, wherein 
the list update module deletes the user information on the access 

15 prohibition list at a predetermined timing. 

13. An access controller in accordance with claim 12, wherein 
the predetermined timing is after the update of the access control list 
has been completed. 

20 

14. An access controller in accordance with claim 12, wherein 
the predetermined timing is after the update of all access control list 
has been completed. 

25 15. An access control system in which a plurality of storage 

devices for storing information resources and access controllers for 
controlling accesses to the information resources are connected with a 
network, each access controller comprising: 

an access restriction module configured to restrict access to 

30 each information resource according to an access control list that 
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records access right to each information resource; 

an access interception module configured to restrict the access 
by reference to an access prohibition list, which records user 
information of access prohibited users, prior to the access control list; 
5 at least one of the access controllers corresponding to the 

updated access prohibition list further comprising a distribution 
module configured to send out the user information or the updated 
access prohibition list to other access controller in response to the 
update; and 

10 the other access controller further comprising a list update 

module configured to receive the user information or the updated 
access prohibition list and to update the access prohibition list of the 
other access controller. 

15 16. An access control system in accordance with claim 15, 

wherein the distribution module broadcasts the user information or the 
updated access prohibition list over all of other access controllers. 

17. An access control system in accordance with claim 15, 
20 wherein the distribution module of each access controller sends out 
the user information or the updated prohibition list to predetermined 
another access controller, thereby transmitting the user information or 
the updated prohibition list from one access controller to another. 

25 18. An access control system in which a plurality of storage 

devices for storing information resources and access controllers for 
controlling an access to the information resources are connected with 
a network, each access controller comprising: 

an access restriction module configured to restrict access to 

30 each information resource according to an access control list on which 
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access right to each information resource is recorded; 

an access interception module configured to restrict the access 
by reference to an access prohibition list, which records user 
information of access prohibited users, prior to the access control list; 
5 a distribution module configured to broadcast the user 

information to other access controller in response to update of own 
access prohibition list; 

a list update module configured to update own access 
prohibition list in case of receiving the user information; 
10 an access control list update module configured to update the 

access control list according to the user information after updating the 
access prohibition list; and 

a user information deletion module configured to delete the 
user information from the access prohibition list after updating the 
15 access control list. 

19. An access control method for controlling an access to an 
information resource stored in a storage device, the method is 
executed by an access controller in a system where a plurality of the 
20 access controllers and the storage devices are connected with a 
network, the method comprising the steps of: 

restricting access to each information resource according to an 
access control list on which access right to each information resource 
is recorded; 

25 intercepting an access by an access prohibited user listed on 

an access prohibition list; 

inputting user information corresponding to the access 
prohibited user; and 

updating the access prohibition list corresponding to each 
30 access controller connected with the network, according to the input 
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user information. 

20. An access control method for controlling an access to an 
information resource stored in a storage device, the method is 

5 executed by an access controller in a system where a plurality of the 
access controllers and the storage devices are connected with a 
network, the method comprising the steps of: 

restricting access to each information resource according to an 
access control list on which access right to each information resource 
10 is recorded; 

receiving user information of an access prohibited user from 
other access controller; 

updating an access prohibition list on which user information of 
access prohibited users is recorded, according to the received user 
15 information; and 

restricting the access by reference to the access prohibition list 
prior to the access control list. 

21. An access control method for controlling an access to 
20 information resources in an access control system where a plurality of 

storage devices for storing information resources and access 
controllers are connected with a network, the method comprising the 
steps of: 

each access controller restricting access to each information 
25 resource according to an access control list on which access right to 
each information resource is recorded; 

each access controller restricting the access by reference to an 
access prohibition list, which records user information of access 
prohibited users, prior to the access control list; 
30 at least one of the access controllers corresponding to the 
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updated access prohibition list sending out the user information or the 
updated access prohibition list to other access controller in response 
to the update; and 

the other access controller receiving the user information or the 
5 updated access prohibition list and updating the access prohibition list 
of the other access controller. 

22. A computer readable recording medium in which a 
computer program executed by an access controller to control an 
10 access to an information resource stored in a storage device is stored, 
the computer program being executed in a system where a plurality of 
the access controllers and the storage devices are connected with a 
network, the computer program comprising: 

a first program code for restricting access to each information 
15 resource according to an access control list on which access right to 
each information resource is recorded; 

a second program code for intercepting an access by an access 
prohibited user listed on an access prohibition list; 

a third program code for inputting user information 
20 corresponding to the access prohibited user; and 

a fourth program code for updating the access prohibition list 
corresponding to each access controller connected with the network, 
according to the input user information. 

25 23. A computer readable recording medium in which a 

computer program executed by an access controller to control an 
access to an information resource stored in a storage device is stored, 
the computer program being executed in a system where a plurality of 
the access controllers and the storage devices are connected with a 

30 network, the computer program comprising: 
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a first program code for restricting access to each information 
resource according to an access control list on which access right to 
each information resource is recorded; 

a second program code for receiving user information of an 
5 access prohibited user from other access controller; 

a third program code for updating an access prohibition list on 
which user information of access prohibited users is recorded, 
according to the received user information; and 

a fourth program code for restricting the access according to 
10 the access prohibition list prior to the access control list. 
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